Is nothing sacred any more? Gosh, there are vulnerabilities everywhere. Just when you thought you were safe after updating to protect your CPU, now there's this. Thought RAM vendors had fixed Rowhammer from 2014? Think again: it's back with Half-Double.
As a reminder: Rowhammer is a DRAM vulnerability whereby repeated accesses to one address can tamper with the data stored at other addresses. It's kinda similar to the speculative execution vulnerabilities in CPUs. This newer Half-Double attack vector "capitalizes on the worsening physics of some of the newer DRAM chips" which sounds quite terrible.
Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the “aggressor”), bit flips were found only in the two adjacent rows (the “victims”). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to “transport” the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.
This is particularly harsh and will, once again, need hardware adjustments to get around it. Google noted that it has significant ramifications for the entire computing industry and wants all stakeholders (that being literally everyone doing computing: server, client, mobile, automotive, IoT) to help develop a solution.
Find the paper on GitHub.
Heh, ramifications.
This is the first thing I thought ;)
Fingers crossed, rabbit's foot rubbed, anyone know what the likelihood of being attacked, and what is/are the likely attack vector(s)?
Just as with the original Rowhammer, the attacker must first be able to run software on your system, so this is mostly an attack on servers that have multiple users and cloud solutions where multiple people access the same hardware at the same time.
edit: and of course some malicious website can serve JavaScript that can use Rowhammer to extract secret data from your computer's RAM.
edit2: as can be seen in the demonstration video https://www.youtube.com/watch?v=k2D4D-kF-ic&t=1s, using this attack in a browser both takes a long time and is not entirely silent (e.g. Firefox here complains that a script is taking too much time).
Last edited by F.Ultra on 26 May 2021 at 3:56 pm UTC